The following Fedora EPEL 6 Security updates need testing:
Age URL
10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-972f57ea6d drupal7-7.72-1.el6
7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b425525e83 mbedtls-2.7.17-1.el6
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-83b080a694 proftpd-1.3.3g-15.el6
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-54aaef4451 golang-1.15.2-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
IP2Location-8.0.9-9.20200916git6e49424.el6
Details about builds:
================================================================================
IP2Location-8.0.9-9.20200916git6e49424.el6 (FEDORA-EPEL-2020-f04ff49b16)
C library for mapping IP address to geolocation information
--------------------------------------------------------------------------------
Update Information:
subpackage data-sample: add suffix "SAMPLE" to included BIN files, fix file
permissions ---- add patch to sync with upstream
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
The following Fedora EPEL 8 Security updates need testing:
Age URL
12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-2390c71f9c chromium-85.0.4183.83-1.el8
7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-0214580ca4 mbedtls-2.16.8-1.el8
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-c5ced83bcc seamonkey-2.53.4-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
IP2Location-8.0.9-9.20200916git6e49424.el8
icon-9.5.20i-1.el8
mock-2.6-1.el8
mock-core-configs-33-1.el8
perl-URI-cpan-1.007-4.el8
python-ldap3-2.8.1-1.el8
python-prometheus_client-0.7.1-6.el8
python-uptime-3.0.1-1.el8
Details about builds:
================================================================================
IP2Location-8.0.9-9.20200916git6e49424.el8 (FEDORA-EPEL-2020-21b055265b)
C library for mapping IP address to geolocation information
--------------------------------------------------------------------------------
Update Information:
subpackage data-sample: add suffix "SAMPLE" to included BIN files, fix file
permissions ---- add patch to sync with upstream
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
icon-9.5.20i-1.el8 (FEDORA-EPEL-2020-bca491b47c)
Icon programming language
--------------------------------------------------------------------------------
Update Information:
New package: Icon programming language.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1862842 - Review Request: icon - Icon programming language
https://bugzilla.redhat.com/show_bug.cgi?id=1862842
--------------------------------------------------------------------------------
================================================================================
mock-2.6-1.el8 (FEDORA-EPEL-2020-07a27d3e56)
Builds packages inside chroots
--------------------------------------------------------------------------------
Update Information:
Per release notes: https://github.com/rpm-software-
management/mock/wiki/Release-Notes-2.5 mock - because of the mock-filesystem
change, we need to enforce upgrade of the old mock-core-configs package - set
the DNF user_agent in dnf.conf (msuchy(a)redhat.com) - introduce mock-filesystem
subpackage (msuchy(a)redhat.com) - add showrc plugin to record the output of rpm
--showrc (riehecky(a)fnal.gov) - document which packages we need in buildroot
(msuchy(a)redhat.com) - macros without leading '%' like
config_opts['macros']['macroname'] work fine again (issue#605) mock-core-
cofnigs - provide the Fedora ELN mock configuration - some adjustments were
done for the new mock-filesystem package https://github.com/rpm-software-
management/mock/wiki/Release-Notes-2.6 the --recurse option implies
--continue fix --chain --continue option fail when --continue/--recurse
is used without --chain fix _copy_config() for broken symlinks in dst=
(#1878924) auto-download the source RPMs from web with --rebuild handle
exceptions from command_parse() method fail verbosely for --chain &
--resultdir combination allow using -a|--addrepo with
/absolute/path/argument add support for -a/--addrepo in normal --rebuild
mode use systemd-nspawn --resolv-conf=off create /etc/localtime as
symlink even with isolation=simple (msuchy(a)redhat.com) dump the reason for
particular package build fail in --chain raise PkgError when the source RPM
can not be installed
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 15 2020 Pavel Raiskup <praiskup(a)redhat.com> 2.6-1
- the --recurse option implies --continue
- fix --chain --continue option
- fail when --continue/--recurse is used without --chain
- fix _copy_config() for broken symlinks in dst= (rhbz#1878924)
- auto-download the source RPMs from web with --rebuild
- handle exceptions from command_parse() method
- fail verbosely for --chain & --resultdir combination
- allow using -a|--addrepo with /absolute/path/argument
- add support for -a/--addrepo in normal --rebuild mode
- use systemd-nspawn --resolv-conf=off
- create /etc/localtime as symlink even with isolation=simple (msuchy(a)redhat.com)
- dump the reason for particular package build fail in --chain
- raise PkgError when the source RPM can not be installed
* Thu Sep 3 2020 Pavel Raiskup <praiskup(a)redhat.com> 2.5-2
- because of the mock-filesystem change, we need to enforce upgrade
of the old mock-core-configs package
* Thu Sep 3 2020 Pavel Raiskup <praiskup(a)redhat.com> 2.5-1
- set the DNF user_agent in dnf.conf (msuchy(a)redhat.com)
- introduce mock-filesystem subpackage (msuchy(a)redhat.com)
- add showrc plugin to record the output of rpm --showrc (riehecky(a)fnal.gov)
- document which packages we need in buildroot (msuchy(a)redhat.com)
- macros without leading '%' like config_opts['macros']['macroname'] work
fine again (issue#605)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1857918 - RFE: --addrepo does not work with --rebuild && --resultdir should warn for --chain mode
https://bugzilla.redhat.com/show_bug.cgi?id=1857918
[ 2 ] Bug #1878924 - mock fails in _copy_config with FileNotFoundError for /etc/resolv.conf in some circumstances
https://bugzilla.redhat.com/show_bug.cgi?id=1878924
--------------------------------------------------------------------------------
================================================================================
mock-core-configs-33-1.el8 (FEDORA-EPEL-2020-07a27d3e56)
Mock core config files basic chroots
--------------------------------------------------------------------------------
Update Information:
Per release notes: https://github.com/rpm-software-
management/mock/wiki/Release-Notes-2.5 mock - because of the mock-filesystem
change, we need to enforce upgrade of the old mock-core-configs package - set
the DNF user_agent in dnf.conf (msuchy(a)redhat.com) - introduce mock-filesystem
subpackage (msuchy(a)redhat.com) - add showrc plugin to record the output of rpm
--showrc (riehecky(a)fnal.gov) - document which packages we need in buildroot
(msuchy(a)redhat.com) - macros without leading '%' like
config_opts['macros']['macroname'] work fine again (issue#605) mock-core-
cofnigs - provide the Fedora ELN mock configuration - some adjustments were
done for the new mock-filesystem package https://github.com/rpm-software-
management/mock/wiki/Release-Notes-2.6 the --recurse option implies
--continue fix --chain --continue option fail when --continue/--recurse
is used without --chain fix _copy_config() for broken symlinks in dst=
(#1878924) auto-download the source RPMs from web with --rebuild handle
exceptions from command_parse() method fail verbosely for --chain &
--resultdir combination allow using -a|--addrepo with
/absolute/path/argument add support for -a/--addrepo in normal --rebuild
mode use systemd-nspawn --resolv-conf=off create /etc/localtime as
symlink even with isolation=simple (msuchy(a)redhat.com) dump the reason for
particular package build fail in --chain raise PkgError when the source RPM
can not be installed
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 3 2020 Pavel Raiskup <praiskup(a)redhat.com> 33-1
- bump version to 33, as we already ship F33 configs
- because of the mock-filesystem change, depend on mock 2.5
* Thu Sep 3 2020 Pavel Raiskup <praiskup(a)redhat.com> 32.8-1
- set the DNF user_agent in dnf.conf (msuchy(a)redhat.com)
- add Fedora ELN configs
- introduce mock-filesystem subpackage (msuchy(a)redhat.com)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1857918 - RFE: --addrepo does not work with --rebuild && --resultdir should warn for --chain mode
https://bugzilla.redhat.com/show_bug.cgi?id=1857918
[ 2 ] Bug #1878924 - mock fails in _copy_config with FileNotFoundError for /etc/resolv.conf in some circumstances
https://bugzilla.redhat.com/show_bug.cgi?id=1878924
--------------------------------------------------------------------------------
================================================================================
perl-URI-cpan-1.007-4.el8 (FEDORA-EPEL-2020-8bb1d5473c)
URLs that refer to things on the CPAN
--------------------------------------------------------------------------------
Update Information:
This is the first build of perl-URI-cpan.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1876259 - Review Request: perl-URI-cpan - URLs that refer to things on the CPAN
https://bugzilla.redhat.com/show_bug.cgi?id=1876259
--------------------------------------------------------------------------------
================================================================================
python-ldap3-2.8.1-1.el8 (FEDORA-EPEL-2020-a10e15f7d5)
Strictly RFC 4511 conforming LDAP V3 pure Python client
--------------------------------------------------------------------------------
Update Information:
Update to 2.8.1
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 15 2020 Avram Lubkin <aviso(a)rockhopper.net> - 2.8.1-1
- Update to 2.8.1
* Sat Jun 20 2020 Avram Lubkin <aviso(a)rockhopper.net> - 2.7-1
- Update to 2.7
* Tue May 26 2020 Miro Hron��ok <mhroncok(a)redhat.com> - 2.6.1-4
- Rebuilt for Python 3.9
* Thu Jan 30 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.6.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Sun Oct 20 2019 Miro Hron��ok <mhroncok(a)redhat.com> - 2.6.1-2
- Subpackage python2-ldap3 has been removed
See https://fedoraproject.org/wiki/Changes/Mass_Python_2_Package_Removal
--------------------------------------------------------------------------------
================================================================================
python-prometheus_client-0.7.1-6.el8 (FEDORA-EPEL-2020-ca358c132f)
Python client for Prometheus
--------------------------------------------------------------------------------
Update Information:
Initial addition to EPEL8.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
python-uptime-3.0.1-1.el8 (FEDORA-EPEL-2020-a84bbc290a)
Cross-platform uptime library
--------------------------------------------------------------------------------
Update Information:
Initial package for Fedora
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1878143 - Review Request: python-uptime - Cross-platform uptime library
https://bugzilla.redhat.com/show_bug.cgi?id=1878143
--------------------------------------------------------------------------------
The following Fedora EPEL 7 Security updates need testing:
Age URL
763 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d condor-8.6.11-1.el7
503 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b bubblewrap-0.3.3-2.el7
12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-49c5f31e92 python-pip-epel-8.1.2-14.el7
12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-864bc6779e chromium-85.0.4183.83-1.el7
10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-83bdeb2965 ansible-2.9.13-1.el7
10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-0a324e529d drupal7-7.72-1.el7
7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-f9a066663b mbedtls-2.7.17-1.el7
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-25e525a9ca seamonkey-2.53.4-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-918ad695f6 proftpd-1.3.5e-10.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-d968abb383 golang-1.15.2-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
IP2Location-8.0.9-9.20200916git6e49424.el7
mock-2.6-1.el7
mock-core-configs-33-1.el7
nginx-1.16.1-2.el7
perl-URI-cpan-1.007-3.el7
python-ldap3-2.8.1-1.el7
Details about builds:
================================================================================
IP2Location-8.0.9-9.20200916git6e49424.el7 (FEDORA-EPEL-2020-f4d76a2061)
C library for mapping IP address to geolocation information
--------------------------------------------------------------------------------
Update Information:
subpackage data-sample: add suffix "SAMPLE" to included BIN files, fix file
permissions ---- add patch to sync with upstream
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
mock-2.6-1.el7 (FEDORA-EPEL-2020-0996fb7a3c)
Builds packages inside chroots
--------------------------------------------------------------------------------
Update Information:
mock - because of the mock-filesystem change, we need to enforce upgrade of the
old mock-core-configs package - set the DNF user_agent in dnf.conf
(msuchy(a)redhat.com) - introduce mock-filesystem subpackage (msuchy(a)redhat.com) -
add showrc plugin to record the output of rpm --showrc (riehecky(a)fnal.gov) -
document which packages we need in buildroot (msuchy(a)redhat.com) - macros
without leading '%' like config_opts['macros']['macroname'] work fine again
(issue#605) mock-core-cofnigs - provide the Fedora ELN mock configuration -
some adjustments were done for the new mock-filesystem package
https://github.com/rpm-software-management/mock/wiki/Release-Notes-2.6 - the
--recurse option implies --continue - fix --chain --continue option - fail when
--continue/--recurse is used without --chain - fix _copy_config() for broken
symlinks in dst= (rhbz#1878924) - auto-download the source RPMs from web with
--rebuild - handle exceptions from command_parse() method - fail verbosely for
--chain & --resultdir combination - allow using -a|--addrepo with
/absolute/path/argument - add support for -a/--addrepo in normal --rebuild mode
- use systemd-nspawn --resolv-conf=off - create /etc/localtime as symlink even
with isolation=simple (msuchy(a)redhat.com) - dump the reason for particular
package build fail in --chain - raise PkgError when the source RPM can not be
installed
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 15 2020 Pavel Raiskup <praiskup(a)redhat.com> 2.6-1
- the --recurse option implies --continue
- fix --chain --continue option
- fail when --continue/--recurse is used without --chain
- fix _copy_config() for broken symlinks in dst= (rhbz#1878924)
- auto-download the source RPMs from web with --rebuild
- handle exceptions from command_parse() method
- fail verbosely for --chain & --resultdir combination
- allow using -a|--addrepo with /absolute/path/argument
- add support for -a/--addrepo in normal --rebuild mode
- use systemd-nspawn --resolv-conf=off
- create /etc/localtime as symlink even with isolation=simple (msuchy(a)redhat.com)
- dump the reason for particular package build fail in --chain
- raise PkgError when the source RPM can not be installed
* Thu Sep 3 2020 Pavel Raiskup <praiskup(a)redhat.com> 2.5-2
- because of the mock-filesystem change, we need to enforce upgrade
of the old mock-core-configs package
* Thu Sep 3 2020 Pavel Raiskup <praiskup(a)redhat.com> 2.5-1
- set the DNF user_agent in dnf.conf (msuchy(a)redhat.com)
- introduce mock-filesystem subpackage (msuchy(a)redhat.com)
- add showrc plugin to record the output of rpm --showrc (riehecky(a)fnal.gov)
- document which packages we need in buildroot (msuchy(a)redhat.com)
- macros without leading '%' like config_opts['macros']['macroname'] work
fine again (issue#605)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1857918 - RFE: --addrepo does not work with --rebuild && --resultdir should warn for --chain mode
https://bugzilla.redhat.com/show_bug.cgi?id=1857918
[ 2 ] Bug #1878924 - mock fails in _copy_config with FileNotFoundError for /etc/resolv.conf in some circumstances
https://bugzilla.redhat.com/show_bug.cgi?id=1878924
--------------------------------------------------------------------------------
================================================================================
mock-core-configs-33-1.el7 (FEDORA-EPEL-2020-0996fb7a3c)
Mock core config files basic chroots
--------------------------------------------------------------------------------
Update Information:
mock - because of the mock-filesystem change, we need to enforce upgrade of the
old mock-core-configs package - set the DNF user_agent in dnf.conf
(msuchy(a)redhat.com) - introduce mock-filesystem subpackage (msuchy(a)redhat.com) -
add showrc plugin to record the output of rpm --showrc (riehecky(a)fnal.gov) -
document which packages we need in buildroot (msuchy(a)redhat.com) - macros
without leading '%' like config_opts['macros']['macroname'] work fine again
(issue#605) mock-core-cofnigs - provide the Fedora ELN mock configuration -
some adjustments were done for the new mock-filesystem package
https://github.com/rpm-software-management/mock/wiki/Release-Notes-2.6 - the
--recurse option implies --continue - fix --chain --continue option - fail when
--continue/--recurse is used without --chain - fix _copy_config() for broken
symlinks in dst= (rhbz#1878924) - auto-download the source RPMs from web with
--rebuild - handle exceptions from command_parse() method - fail verbosely for
--chain & --resultdir combination - allow using -a|--addrepo with
/absolute/path/argument - add support for -a/--addrepo in normal --rebuild mode
- use systemd-nspawn --resolv-conf=off - create /etc/localtime as symlink even
with isolation=simple (msuchy(a)redhat.com) - dump the reason for particular
package build fail in --chain - raise PkgError when the source RPM can not be
installed
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 3 2020 Pavel Raiskup <praiskup(a)redhat.com> 33-1
- bump version to 33, as we already ship F33 configs
- because of the mock-filesystem change, depend on mock 2.5
* Thu Sep 3 2020 Pavel Raiskup <praiskup(a)redhat.com> 32.8-1
- set the DNF user_agent in dnf.conf (msuchy(a)redhat.com)
- add Fedora ELN configs
- introduce mock-filesystem subpackage (msuchy(a)redhat.com)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1857918 - RFE: --addrepo does not work with --rebuild && --resultdir should warn for --chain mode
https://bugzilla.redhat.com/show_bug.cgi?id=1857918
[ 2 ] Bug #1878924 - mock fails in _copy_config with FileNotFoundError for /etc/resolv.conf in some circumstances
https://bugzilla.redhat.com/show_bug.cgi?id=1878924
--------------------------------------------------------------------------------
================================================================================
nginx-1.16.1-2.el7 (FEDORA-EPEL-2020-0f3f88c479)
A high performance web server and reverse proxy server
--------------------------------------------------------------------------------
Update Information:
fix 404.html location and indenting (rhbz#1409685) include patch for
CVE-2019-20372 (rhbz#1790280)
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 7 2020 Felix Kaechele <heffer(a)fedoraproject.org> - 1:1.16.1-2
- fix 404.html location and indenting (rhbz#1409685)
- include patch for CVE-2019-20372 (rhbz#1790280)
- rework patches to work with %autosetup
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1409685 - a typo for 404 handler in the default server section
https://bugzilla.redhat.com/show_bug.cgi?id=1409685
[ 2 ] Bug #1790280 - CVE-2019-20372 nginx: HTTP request smuggling via error pages in http/ngx_http_special_response.c [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1790280
[ 3 ] Bug #1867261 - EPEL7 nginx package contains CVEs and it's two major versions behind.
https://bugzilla.redhat.com/show_bug.cgi?id=1867261
--------------------------------------------------------------------------------
================================================================================
perl-URI-cpan-1.007-3.el7 (FEDORA-EPEL-2020-3cdcbc56e0)
URLs that refer to things on the CPAN
--------------------------------------------------------------------------------
Update Information:
This is the first build of perl-URI-cpan.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1876259 - Review Request: perl-URI-cpan - URLs that refer to things on the CPAN
https://bugzilla.redhat.com/show_bug.cgi?id=1876259
--------------------------------------------------------------------------------
================================================================================
python-ldap3-2.8.1-1.el7 (FEDORA-EPEL-2020-703be62e91)
Strictly RFC 4511 conforming LDAP V3 pure Python client
--------------------------------------------------------------------------------
Update Information:
Update to 2.8.1
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 15 2020 Avram Lubkin <aviso(a)rockhopper.net> - 2.8.1-1
- Update to 2.8.1
--------------------------------------------------------------------------------
Hi, we ship epelplayground-8-x86_64.cfg file in mock-core-configs so users can
reproduce builds locally with mock. Initially the configuration worked, but it
has been failing for quite some time now. Dnf isn't able to --installroot:
No matches found for the following disable plugin patterns: local, spacewalk
CentOS-8 - Base 12 MB/s | 2.2 MB 00:00
CentOS-8 - AppStream 21 MB/s | 5.8 MB 00:00
CentOS-8 - PowerTools 11 MB/s | 1.9 MB 00:00
CentOS-8 - Extras 33 kB/s | 7.3 kB 00:00
Extra Packages for Enterprise Linux 8 - Playgro 15 MB/s | 6.1 MB 00:00
Error:
Problem: conflicting requests
- nothing provides fpc-srpm-macros needed by epel-rpm-macros-8-16.playground.noarch
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)
I'm not sure we miss something there, but it looks like the shipped chroot is
broken. The mock bug report [1], and fpc-srpm-macros report [2].
Local mock builds are done against CentOS repositories, so I'm not sure where to
report this problem, if here or to CentOS (but starting here as I believe that
fpc-srpm-macros should go to the playground repo).
Also another question is whether we can fix the chroot, or not (dropping the
config file from mock-core-configs is an option, too).
[1] https://github.com/rpm-software-management/mock/issues/620
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1875057
Pavel
The following Fedora EPEL 6 Security updates need testing:
Age URL
9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-972f57ea6d drupal7-7.72-1.el6
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b425525e83 mbedtls-2.7.17-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
aha-0.5.1-1.el6
amavisd-milter-1.7.1-1.el6
golang-1.15.2-1.el6
proftpd-1.3.3g-15.el6
Details about builds:
================================================================================
aha-0.5.1-1.el6 (FEDORA-EPEL-2020-0271d6f7f6)
Convert terminal output to HTML
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release (v0.5.1)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 14 2020 Artur Frenszek-Iwicki <fedora(a)svgames.pl> - 0.5.1-1
- Update to latest upstream release
--------------------------------------------------------------------------------
================================================================================
amavisd-milter-1.7.1-1.el6 (FEDORA-EPEL-2020-8ac4c5df36)
Sendmail milter for amavisd-new using the AM.PDP protocol
--------------------------------------------------------------------------------
Update Information:
# amavisd-milter ## Bug and compatibility fixes - An empty sender must always
be enclosed in angle brackets
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 14 2020 Robert Scheck <robert(a)fedoraproject.org> 1.7.1-1
- Upgrade to 1.7.1 (#1878910)
* Mon Jul 27 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.7.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1878910 - amavisd-milter-1.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1878910
--------------------------------------------------------------------------------
================================================================================
golang-1.15.2-1.el6 (FEDORA-EPEL-2020-54aaef4451)
The Go Programming Language
--------------------------------------------------------------------------------
Update Information:
* Rebase to go1.15.2 * Security fix for CVE-2020-24553
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 10 2020 Jakub ��ajka <jcajka(a)redhat.com> - 1.15.2-1
- Rebase to go1.15.2
- Security fix for CVE-2020-24553
- Resolves: BZ#1874859
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1874857 - CVE-2020-24553 golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS
https://bugzilla.redhat.com/show_bug.cgi?id=1874857
--------------------------------------------------------------------------------
================================================================================
proftpd-1.3.3g-15.el6 (FEDORA-EPEL-2020-83b080a694)
Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:
This update fixes a NULL pointer dereference in SCP options processing. An
authenticated remote attacker could issue invalid SCP commands, possibly
resulting in a Denial of Service condition. Note: the sftp/scp server is not
enabled by the default configuration.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 14 2020 Paul Howarth <paul(a)city-fan.org> - 1.3.3g-15
- Fix null pointer dereference for invalid SCP command by passing the
correct argument count to getopt(3)
https://github.com/proftpd/proftpd/issues/1043https://github.com/proftpd/proftpd/pull/1044https://bugzilla.redhat.com/show_bug.cgi?id=1878869
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1878869 - proftpd: NULL pointer dereference via invalid SCP command leads to DoS
https://bugzilla.redhat.com/show_bug.cgi?id=1878869
--------------------------------------------------------------------------------